Remove nightly release

[kevinbackhouse]

I recently switched on immutable releases which broke our nightly release. I think the best solution is to stop doing the nightly release. The build artifacts can be found by checking the recent workflow runs, so it's unnecessary to also upload them as a release.

I also added sigstore to the workflow to sign the builds.

[kevinbackhouse]

@mergify backport 0.28.x

[mergify]

backport 0.28.x

✅ Backports have been created

Details

• #3488 Remove nightly release (backport #3479) has been created for branch 0.28.x but encountered conflicts

Cherry-pick of 1d39f64 has failed:

On branch mergify/bp/0.28.x/pr-3479
Your branch is up to date with 'origin/0.28.x'.

You are currently cherry-picking commit 1d39f640.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   .github/workflows/release.yml

no changes added to commit (use "git add" and/or "git commit -a")

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[Copilot]

Pull request overview

This PR transitions from nightly releases to tag-based releases only, adding sigstore signing for build artifacts. The change addresses issues with GitHub's immutable releases feature by eliminating scheduled nightly releases while maintaining release functionality for version tags.

Changes:

• Added sigstore signing to all build jobs (Linux, macOS, Windows) with appropriate permissions
• Removed nightly release logic and cleanup scripts
• Simplified release job to only trigger on push events (version tags)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.91%. Comparing base (6a68147) to head (1d39f64).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3479   +/-   ##
=======================================
  Coverage   64.91%   64.91%           
=======================================
  Files         116      116           
  Lines       21479    21479           
  Branches    10655    10655           
=======================================
  Hits        13943    13943           
  Misses       5311     5311           
  Partials     2225     2225           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[kevinbackhouse]

I tested this on my fork to make sure it works: https://github.com/kevinbackhouse/exiv2/actions/runs/22025342561

[kmilos]

Any problems foreseen/objections deleting the actual nightly release and nightly-0.28.x tag? @kevinbackhouse @neheb

[kevinbackhouse]

Any problems foreseen/objections deleting the actual nightly release and nightly-0.28.x tag? @kevinbackhouse @neheb

Good point, I'll delete the old nightly tags and releases. Because I accidentally created an immutable "nightly" release, we can never create a release with that name again, but I don't think we're prevented from deleting the old one.

[kmilos]

Also, shall we try adding the windows-11-arm build to the releases? I guess I could try on a branch first...